Code in a bag: Russians are massively deceived using QR
Scammers have once again turned to deceiving Russians using QR codes. Now the links lead to fake house chats, to fake websites of government resources, or to pages for transferring money allegedly for various utility needs and for paying fines. Details can be found in the Izvestia article.
A new threat
A resident of the Sokolniki district of the capital sent to the editorial office a photo of a fake advertisement on behalf of a senior at the entrance, which he found at the elevator.
"Dear owners and residents of the house! The topic of installing/dismantling the barrier of our house is discussed here. To find out how many tenants are in favor, join the chat using the QR code and vote. If you are a tenant, kindly notify the owner! We need a clear understanding of how many people are FOR or AGAINST. All the information will be here. Applications for the manufacture of remote controls will also be accepted here!" says the accompanying text on the flyer with the code. According to the Izvestia source, several residents have already transferred money to the barrier and remote controls to fraudsters.
Earlier it was reported that advertisements with QR codes were posted in the capital's high-rise buildings, allegedly about joining a house chat. Through them, the attackers obtained personal data of citizens. The link led to a clone of a well-known messenger, where you had to enter your personal information during registration. The crooks used this information to steal an account in a real application.
Storming the post office, poles and scooters
The QR code does not let you know at a glance where the link will lead, unlike a regular URL. Meanwhile, the widespread use of codes in everyday life plays into the hands of scammers, they actively use this tool to prepare attacks. For example, the employment service of the Kirov region posted a warning on its social network page about a new round of fraud by e-mail on behalf of the interdepartmental commission for combating illegal employment.
"Such letters require that information about the company's (sole proprietor's) activities be provided within three days, including the provision of personal data on employees. It is also proposed to pay the state fee using a QR code," the message says. The press release emphasizes that the interdepartmental commission never requires employers to make any payments. A similar warning was posted on its page by the Nizhnevartovsk occupational safety community.
—With the help of ads on social networks, scammers hire couriers to post phishing flyers in the entrances," a district commissioner of one of the regional police departments told Izvestia. — As a rule, they hire foreigners who can't even read Russian. By itself, the dissemination of information in this way is strictly regulated, unauthorized advertising is illegal in principle in Moscow. But it is very difficult to prove the involvement of employees in fraud.
According to him, important information for residents should be placed on stands under glass, which only the management company has access to.
— These "storefronts" are under lock and key for a reason, this is done, among other things, for security reasons, therefore, arbitrary announcements in the entrance area belong exclusively in the trash can, — the policeman added.
Fictitious payment documents for housing and communal services continue to be distributed through mailboxes.
—QR codes placed on ads lead to a fake website offering authorization via Telegram," explains Alexander Vurasko, Development Director of the Solar AURA External Digital Threat Monitoring Center at Solar Group. — After entering their data, the victim loses access to the account.
Criminals usually use access to their personal page to send fan mail to contacts asking them to lend money, as Izvestia has already reported. But there are other, more dangerous scenarios. In correspondence, criminals may find compromising or other sensitive information about a person and their loved ones.
Among the new tricks of scammers are stickers with a fictitious QR code placed on scooters. Such cases have been recorded, in particular, in Volgograd. Fraudsters transfer the user to a phishing page, where they need to provide personal data, including details of payment instruments. Similar cases have also been reported in Kaluga and Ryazan.
How to protect yourself
— To protect yourself, you need to be attentive to every QR code you encounter, - Alexey Kruglov, a leading specialist in personnel training at the IT integrator First Bit, told Izvestia. — Do not scan random QR codes if you do not know where they should lead. This is especially true for codes from street ads or from Telegram chats.
Always double-check the link address after decrypting the code with your smartphone. Typos may be intentionally added to it, redirecting you to a phishing site. Use anti-phishing antiviruses. Never enter your bank card details, usernames, or passwords on QR-code websites.
When paying with a QR code for housing and communal services, be sure to double-check the details specified in the payment — they could have been replaced by intruders.
If you realize that you are hooked by scammers, immediately block the card through your bank's hotline or the official app, and then file a police report, the expert says.
— If you clicked on the code from the ad, do not enter the data to log in to the messenger, — said Alexander Vurasko, a cybersecurity expert. — We also recommend installing only the official Telegram app and not entering usernames and passwords on third-party websites.
Переведено сервисом «Яндекс Переводчик»
